Friday, August 5, 2011

One size doesn’t fit all when it comes to Email Encryption

John Goodyear
Chief Technology Officer
Egress Software Technologies Ltd.
The team here at Egress has been involved in encryption for over a decade. During this time we've seen most forms of endpoint encryption become a commodity within enterprise environments. Encrypted laptops and removable storage devices are the norm these days if your organization cares about its reputation and its customers.

The one place we've never seen great acceptance is Beyond the Endpoint encryption. This is often casually referred to as Email Encryption, but these days you also have to consider large file transfer, as email starts to let you down after 20MB or so.

There are a number of reasons that Beyond the Endpoint encryption has failed to gain traction within organizations. Here are some of the reasons we've seen:



One Size?

One size does not fit all. Small to Medium Enterprises (SMEs) do not have the same requirements as Enterprise & Government when it comes to an encryption solution. Here are some factors typically considered by different organizations.

Small to Medium Enterprise
  • Ad hoc software deployment to where it's needed the most.
  • Email infrastructure (servers) may be outsourced, hosted, etc. (no control over configuration).
  • Volume of use may not require an infrastructure-level deployment.

Enterprise & Government
  • Software deployed across the whole domain or per Organization Unit.
  • Email servers are fully controlled and may be linked to archiving and compliance systems.
  • Large volumes of information passing through the email infrastructure.

With these factors in mind, it is most likely that a small business will favour an endpoint deployment, whereas an enterprise may find gateway-based encryption best meets its needs. Take care when considering solutions from the major security vendors, as these are often based on different technologies from various acquisitions and can offer a disjointed user experience.

Recipient Experience

A factor often overlooked when organizations evaluate products is the experience for the recipient of the encrypted message. An organization may consider internal factors such as deployment, usability and performance. But what if a solution performs well for your users and leaves the external recipients with a terrible experience?

You may choose to ignore this factor, but your users will be the ones taking the heat when external recipients are unable to access secure content. We've always held the belief that users will follow the path of least resistance. So if your solution does not allow them to get the job done, they won't use it, and if you enforce it, they will circumvent it.

The ability to provide a means of access on all major platforms, including mobile devices, is essential. Additionally, supporting a zero-install web experience means your recipient has no reason to object to your desire to ensure information is delivered in a secure way.

Conclusion

In the same way that full disk and removable storage encryption has become the norm rather than the exception, we believe that Beyond the Endpoint encryption can no longer be ignored.

There are ever-increasing demands to meet regulatory compliance, and companies face bigger fines than ever when data breaches occur. Factor in the rising threats of phishing and email hacking, and it soon becomes apparent that having additional security in your Inbox is fast becoming a luxury you can't live without.

We've spent a lot of time thinking about the problems faced when your organization starts to send secure information outside the perimeter. Regardless of where the encryption takes place internally (Endpoint or Gateway), you can be sure the recipient will be able to access it.

To learn more about Egress Switch, which can now be deployed as an Endpoint or Gateway solution, get in touch with us.